This content has been marked as final.
Show 1 reply
-
1. Re: can bypass security using context root
johnv Jan 26, 2005 7:41 PM (in response to johnv)Note: This has nothing to do with browser caching. Before each test I stop/restart JBoss and the browser session. Whether I hit just the context root first or specify index.jsp first I see the described behavior.
Note: I can get around this by specifying:
<url-pattern>*.jsp</url-pattern>
In the security constraint though I don't want to do that. This test, however, makes it seem like JBoss is accessing some internal .jsp prior to hitting index.jsp. Bizzare I know, grasping at straws here as to a reason for this behavior.
That workaround aside it certainly seems like JBoss does not consider the context root and the context root with /index.jsp on the end to be the same in terms of the sec constraint.
John